Threshold Implementations of all 3×3 and 4×4 S-boxes

Begül Bilgin, S.I. Nikova, Vincent Rijmen, Ventzislav Nikov, Georg Stütz

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    79 Citations (Scopus)


    Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn’t describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible 3×3, 4×4 S-boxes and the 6×4 DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. 8×8) S-boxes. Finally, we investigate the cost of such protection.
    Original language: Undefined
    Title of host publication: Cryptographic Hardware and Embedded Systems, CHES 2012
    Editors: E. Prouff, P. Schaumont
    Place of Publication: Berlin, Germany
    Number of pages: 16
    ISBN (Print): 978-3-642-33026-1
    Publication status: Published - 2012
    Event: Cryptographic Hardware and Embedded Systems, CHES 2012 - Leuven, Belgium
    Duration: 9 Sep 2012 → 12 Sep 2012

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer Berlin Heidelberg


    Workshop: Cryptographic Hardware and Embedded Systems, CHES 2012
    Other: 9-12 September 2012


    • EWI-24463
    • IR-89341
    • METIS-302703
    • SCS-Cybersecurity
